THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
The policy model enhancements in RANGER-606 add the capability to explicitly deny access on the given conditions and also to specify excludes to allow-conditions and deny-conditions. Let’s use the same policies used in the previous section, but with an added condition to explicitly deny access to users in interns group.
Please note that deny in policies are available only for services whose service-def has option enableDenyAndExceptionsInPolicies set to true, as shown below:
{
"name": "hdfs",
"description": "HDFS Repository",
"options": {
"enableDenyAndExceptionsInPolicies": "true"
}
}
Please refer to this wiki for details of REST APIs to update service-def.
2.2.1 HDFS policy for /finance folder access: allow users in finance group, deny all users in interns group
...